From 68377161605e39c8c74ea77d0b504177480788f3 Mon Sep 17 00:00:00 2001 From: "Gao, Chenfei (cg287m)" Date: Thu, 22 Jun 2017 14:48:41 -0400 Subject: [POLICY-22] Reorganizing drools-apps Change-Id: I5f9bb3908f8d55c466dd847ae5e01a424e9ba364 Signed-off-by: Gao, Chenfei (cg287m) Signed-off-by: Pamela Dragosh --- .../resources/xacml/old/frequency_limiter_1.xml | 37 +++ .../resources/xacml/old/frequency_limiter_2.xml | 52 ++++ .../resources/xacml/old/frequency_limiter_3.xml | 37 +++ .../resources/xacml/old/frequency_limiter_4.xml | 51 ++++ .../src/test/resources/xacml/old/xacml.properties | 119 +++++++++ .../src/test/resources/xacml/old/xacml2.properties | 120 +++++++++ .../src/test/resources/xacml/old/xacml3.properties | 123 +++++++++ .../test/resources/xacml/xacml_guard.properties | 52 ++++ .../resources/xacml/xacml_guard_old.properties | 277 +++++++++++++++++++++ .../yaml/policy_ControlLoop_vUSP_1707.yaml | 68 +++++ .../yaml/policy_guard_vUSP_1707_appc_migrate.yaml | 24 ++ .../yaml/policy_guard_vUSP_1707_appc_rebuild.yaml | 24 ++ .../policy_guard_vUSP_1707_appc_rebuild_1.yaml | 24 ++ .../yaml/policy_guard_vUSP_1707_appc_restart.yaml | 24 ++ ...icy_guard_vUSP_1707_appc_restart_blacklist.yaml | 26 ++ 15 files changed, 1058 insertions(+) create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties create mode 100644 controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml create mode 100644 controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml (limited to 'controlloop/templates/template.demo/src/test/resources') diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml new file mode 100644 index 000000000..1a70d0468 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_1.xml @@ -0,0 +1,37 @@ + + + Policy for frequency limiter. + + + + + APPC + + + + Restart + + + + + + + PERMIT - only if number of operations performed in the past is less than the limit. + + + + + + + + + + + 1 + + + + DENY - default. + + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml new file mode 100644 index 000000000..e7e34feeb --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_2.xml @@ -0,0 +1,52 @@ + + + Policy for frequency limiter. + + + + + APPC + + + + Restart + + + + + + + PERMIT - only if number of operations performed in the past is less than the limit. + + + + + + + + + + + + + + + PT10M + + + + + + 22 + + + + + + + + DENY - default. + + + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml new file mode 100644 index 000000000..c171968d2 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_3.xml @@ -0,0 +1,37 @@ + + + Policy for frequency limiter. + + + + + APPC + + + + Restart + + + + + + + PERMIT - only if number of operations performed in the past is less than the limit. + + + + + + + + + + + 1 + + + + DENY - default. + + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml new file mode 100644 index 000000000..53e83d9cd --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/frequency_limiter_4.xml @@ -0,0 +1,51 @@ + + + Policy for frequency limiter. + + + + + APPC + + + + Restart + + + + + + + PERMIT - only if number of operations performed in the past is less than the limit. + + + + + + + + + + + + + + + 05:00:00-05:00 + 23:59:59-05:00 + + + + + + + + + 1 + + + + DENY - default. + + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties new file mode 100644 index 000000000..e51f038e9 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml.properties @@ -0,0 +1,119 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_1.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=World +sql1.description=World Database from MySQL website. Copyright Statistics Finland, http://www.stat.fi/worldinfigures. +# This will be the default issuer for the resolvers. NOTE: Issuer only used for attributes provided by the engine. +sql1.issuer=com:att:research:xacml:test:sql +# +# This is the configuration for JDBC. You will have to setup the database and run the data\world*.sql script to +# create the tables and load the data. +# +sql1.type=jdbc + +# Postgres DB +#sql1.jdbc.driver=org.postgresql.Driver +#sql1.jdbc.url=jdbc:postgresql://localhost:7778/postgres +#sql1.jdbc.conn.user=postgres +#sql1.jdbc.conn.password= + +# MariaDB +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +# +# This is the configuration for JNDI datasource. +# +#sql1.type=jndi +#sql1.datasource=jdbc/xacml + +sql1.resolvers=langer + +sql1.resolver.langer.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.langer.name=Language +sql1.resolver.langer.description=This returns the number of previous operations within the given time window + +# Query for Postgres DB +#sql1.resolver.langer.select=select count(*) from operationshistory where actor=? and operation=? and target=? and endtime between now()::timestamp with time zone - (interval '1000000000s') and now()::timestamp with time zone + +# Query for MariaDB +#sql1.resolver.langer.select=select count(*) as count from operationshistory where actor=? and operation=? and target=? and convert_tz(endtime,@@session.time_zone,'-05:00') between date_sub(convert_tz(now(),@@session.time_zone,'-05:00'),interval 100 hour) and convert_tz(now(),@@session.time_zone,'-05:00') +sql1.resolver.langer.select=select count(*) as count from operationshistory9 where actor=? and operation=? and target=? and endtime between date_sub(now(),interval 100 hour) and now() + +sql1.resolver.langer.fields=count +sql1.resolver.langer.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.langer.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.langer.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +#You can override the default issuer that is set in the JDBCEngine definition if you want. +#sql1.resolver.langer.field.language.issuer=com:att:research:xacml:test:sql +sql1.resolver.langer.parameters=actor,operation,target + +sql1.resolver.langer.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.langer.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject + +sql1.resolver.langer.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.langer.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action + +sql1.resolver.langer.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.langer.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +# +# These properties are for an attribute generator to build into requests. +# +xacml.attribute.generator=generate_subjectid + +xacml.attribute.generator.generate_subjectid.file=generate.data +xacml.attribute.generator.generate_subjectid.attributes=city + +xacml.attribute.generator.generate_subjectid.attributes.city.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +xacml.attribute.generator.generate_subjectid.attributes.city.datatype=http://www.w3.org/2001/XMLSchema#string +xacml.attribute.generator.generate_subjectid.attributes.city.id=urn:oasis:names:tc:xacml:1.0:resource:resource-id +xacml.attribute.generator.generate_subjectid.attributes.city.field=0 + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties new file mode 100644 index 000000000..2d1276b51 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml2.properties @@ -0,0 +1,120 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_2.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=World +sql1.description=World Database from MySQL website. Copyright Statistics Finland, http://www.stat.fi/worldinfigures. +# This will be the default issuer for the resolvers. NOTE: Issuer only used for attributes provided by the engine. +sql1.issuer=com:att:research:xacml:test:sql +# +# This is the configuration for JDBC. You will have to setup the database and run the data\world*.sql script to +# create the tables and load the data. +# +sql1.type=jdbc + +# Postgres DB +#sql1.jdbc.driver=org.postgresql.Driver +#sql1.jdbc.url=jdbc:postgresql://localhost:7778/postgres +#sql1.jdbc.conn.user=postgres +#sql1.jdbc.conn.password= + +# MariaDB +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +# +# This is the configuration for JNDI datasource. +# +#sql1.type=jndi +#sql1.datasource=jdbc/xacml + +sql1.resolvers=langer + +sql1.resolver.langer.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.langer.name=Language +sql1.resolver.langer.description=This returns the number of previous operations within the given time window + +# Query for Postgres DB +#sql1.resolver.langer.select=select count(*) from operationshistory where actor=? and operation=? and target=? and endtime between now()::timestamp with time zone - (interval '1000000000s') and now()::timestamp with time zone + +# Query for MariaDB +#sql1.resolver.langer.select=select count(*) as count from operationshistory where actor=? and operation=? and target=? and convert_tz(endtime,@@session.time_zone,'-05:00') between date_sub(convert_tz(now(),@@session.time_zone,'-05:00'),interval 100 hour) and convert_tz(now(),@@session.time_zone,'-05:00') +sql1.resolver.langer.select=select starttime as starttimebag from operationshistory9 where actor=? and operation=? and target=? and endtime between date_sub(now(),interval 100 hour) and now() + +#sql1.resolver.langer.fields=count +sql1.resolver.langer.fields=starttimebag +sql1.resolver.langer.field.starttimebag.id=com:att:research:xacml:test:sql:resource:operations:starttimebag +sql1.resolver.langer.field.starttimebag.datatype=http://www.w3.org/2001/XMLSchema#dateTime +sql1.resolver.langer.field.starttimebag.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +#You can override the default issuer that is set in the JDBCEngine definition if you want. +#sql1.resolver.langer.field.language.issuer=com:att:research:xacml:test:sql +sql1.resolver.langer.parameters=actor,operation,target + +sql1.resolver.langer.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.langer.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject + +sql1.resolver.langer.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.langer.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action + +sql1.resolver.langer.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.langer.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.langer.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +# +# These properties are for an attribute generator to build into requests. +# +xacml.attribute.generator=generate_subjectid + +xacml.attribute.generator.generate_subjectid.file=generate.data +xacml.attribute.generator.generate_subjectid.attributes=city + +xacml.attribute.generator.generate_subjectid.attributes.city.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +xacml.attribute.generator.generate_subjectid.attributes.city.datatype=http://www.w3.org/2001/XMLSchema#string +xacml.attribute.generator.generate_subjectid.attributes.city.id=urn:oasis:names:tc:xacml:1.0:resource:resource-id +xacml.attribute.generator.generate_subjectid.attributes.city.field=0 + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties new file mode 100644 index 000000000..a3e6f2f44 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/old/xacml3.properties @@ -0,0 +1,123 @@ +# +# +# This is test set that tests configurable SQL PIP engine. It uses sample data from MySQL world database +# +# http://dev.mysql.com/doc/world-setup/en/index.html +# +# The Policy was created using the PAP Admin Tool. +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# Policies to load +# +xacml.rootPolicies=sql +sql.file=src/test/resources/xacml/frequency_limiter_3.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1 + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=OperationsHistory +sql1.description=Database of operations performed via closed loop. +sql1.issuer=com:att:research:xacml:test:sql123 +sql1.type=jdbc +sql1.jdbc.driver=org.mariadb.jdbc.Driver +sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +#Each of the following resolvers corresponds to a specific time window. The only difference between them is the "interval" in the "select" SQL query and the "issuer". +sql1.resolvers=tw10min,tw1h,tw100h + +############################################## +sql1.resolver.tw10min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 10 minute) and now() +sql1.resolver.tw10min.field.count.issuer=com:att:research:xacml:test:sql:tw10min + +sql1.resolver.tw10min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw10min.name=OperationsCount +sql1.resolver.tw10min.description=This returns the number of previous operations within the given time window +sql1.resolver.tw10min.fields=count +sql1.resolver.tw10min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw10min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw10min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw10min.parameters=actor,operation,target +sql1.resolver.tw10min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw10min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw10min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw10min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw10min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw10min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +############################################## +sql1.resolver.tw1h.select=select count(*) as count from operationshistory10 where actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 hour) and now() +sql1.resolver.tw1h.field.count.issuer=com:att:research:xacml:test:sql:tw1h + +sql1.resolver.tw1h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1h.name=OperationsCount +sql1.resolver.tw1h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1h.fields=count +sql1.resolver.tw1h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1h.parameters=actor,operation,target +sql1.resolver.tw1h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################# +sql1.resolver.tw100h.select=select count(*) as count from operationshistory10 where actor=? and operation=? and target=? and endtime between date_sub(now(),interval 100 hour) and now() +sql1.resolver.tw100h.field.count.issuer=com:att:research:xacml:test:sql:tw100h + +sql1.resolver.tw100h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw100h.name=OperationsCount +sql1.resolver.tw100h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw100h.fields=count +sql1.resolver.tw100h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw100h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw100h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw100h.parameters=actor,operation,target +sql1.resolver.tw100h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw100h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw100h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw100h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw100h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw100h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw100h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties new file mode 100644 index 000000000..070258642 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard.properties @@ -0,0 +1,52 @@ +# +# +# This files defines PIPs that will be used by XACML Guard Policies. One PIP per time window (5 min, 10min,...,1 month). +# +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# In case we have multiple applicable Guard policies, we will deny if any of them denies. +#xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny + + +# Policies to load +# +xacml.rootPolicies=p1,p2,p3,p4,p5 +p1.file=src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml +p2.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml +p3.file=src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml +p4.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml +p5.file=src/test/resources/xacml/autogenerated_blacklist.xml + + +# PIP Engine Definition +# +xacml.pip.engines=historydb +historydb.classname=org.onap.policy.guard.PIPEngineGetHistory +historydb.issuer=com:att:research:xacml:guard:historydb + diff --git a/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties new file mode 100644 index 000000000..0f858da8d --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/xacml/xacml_guard_old.properties @@ -0,0 +1,277 @@ +# +# +# This files defines PIPs that will be used by XACML Guard Policies. One PIP per time window (5 min, 10min,...,1 month). +# +# +# + +# +# Default XACML Properties File +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory + + +# +# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the +# policies and PIP configuration as defined below. Otherwise, this is the configuration that +# the embedded PDP uses. +# + +# In case we have multiple applicable Guard policies, we will deny if any of them denies. +#xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny + + +# Policies to load +# +xacml.rootPolicies=p1,p2,p3,p4 +p1.file=src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml +p2.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml +p3.file=src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml +p4.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml +#p5.file=src/test/resources/xacml/autogenerated_blacklist.xml +#p6.file=src/test/resources/xacml/new_restart1.xml +#p7.file=src/test/resources/xacml/new_restart2.xml +#p8.file=src/test/resources/xacml/new_rebuild1.xml +#p9.file=src/test/resources/xacml/new_rebuild2.xml +#p10.file=src/test/resources/xacml/new_migrate1.xml +#p11.file=src/test/resources/xacml/new_migrate2.xml + +# PIP Engine Definition +# +xacml.pip.engines=sql1,test1 +test1.classname=com.att.ecomp.policy.guard.PIPEngineGetHistory +test1.issuer=com:att:research:xacml:guard:historydb + + +sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine +sql1.name=OperationsHistory +sql1.description=Database of operations performed via closed loop. +sql1.issuer=com:att:research:xacml:test:sql123 +sql1.type=jdbc +sql1.jdbc.driver=org.mariadb.jdbc.Driver +#sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy +sql1.jdbc.url=jdbc:mariadb://135.207.129.112:3306/policy +sql1.jdbc.conn.user=root +sql1.jdbc.conn.password=lmpg + +#Each of the following resolvers corresponds to a specific time window. The only difference between them is the "interval" in the "select" SQL query and the "issuer". +sql1.resolvers=tw5min,tw10min,tw30min,tw1h,tw12h,tw1d,tw5d,tw1w,tw1mon + + + +############################################## +sql1.resolver.tw5min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 minute) and now() +sql1.resolver.tw5min.field.count.issuer=com:att:research:xacml:test:sql:tw5min + +sql1.resolver.tw5min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw5min.name=OperationsCount +sql1.resolver.tw5min.description=This returns the number of previous operations within the given time window +sql1.resolver.tw5min.fields=count +sql1.resolver.tw5min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw5min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw5min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw5min.parameters=actor,operation,target +sql1.resolver.tw5min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw5min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw5min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw5min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw5min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw5min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +############################################## +sql1.resolver.tw10min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 10 minute) and now() +sql1.resolver.tw10min.field.count.issuer=com:att:research:xacml:test:sql:tw10min + +sql1.resolver.tw10min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw10min.name=OperationsCount +sql1.resolver.tw10min.description=This returns the number of previous operations within the given time window +sql1.resolver.tw10min.fields=count +sql1.resolver.tw10min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw10min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw10min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw10min.parameters=actor,operation,target +sql1.resolver.tw10min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw10min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw10min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw10min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw10min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw10min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw10min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +############################################## +sql1.resolver.tw30min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 30 minute) and now() +sql1.resolver.tw30min.field.count.issuer=com:att:research:xacml:test:sql:tw30min + +sql1.resolver.tw30min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw30min.name=OperationsCount +sql1.resolver.tw30min.description=This returns the number of previous operations within the given time window +sql1.resolver.tw30min.fields=count +sql1.resolver.tw30min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw30min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw30min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw30min.parameters=actor,operation,target +sql1.resolver.tw30min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw30min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw30min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw30min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw30min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw30min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw30min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw30min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw30min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +############################################## +sql1.resolver.tw1h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 hour) and now() +sql1.resolver.tw1h.field.count.issuer=com:att:research:xacml:test:sql:tw1h + +sql1.resolver.tw1h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1h.name=OperationsCount +sql1.resolver.tw1h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1h.fields=count +sql1.resolver.tw1h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1h.parameters=actor,operation,target +sql1.resolver.tw1h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################################## +sql1.resolver.tw12h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 12 hour) and now() +sql1.resolver.tw12h.field.count.issuer=com:att:research:xacml:test:sql:tw12h + +sql1.resolver.tw12h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw12h.name=OperationsCount +sql1.resolver.tw12h.description=This returns the number of previous operations within the given time window +sql1.resolver.tw12h.fields=count +sql1.resolver.tw12h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw12h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw12h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw12h.parameters=actor,operation,target +sql1.resolver.tw12h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw12h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw12h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw12h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw12h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw12h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw12h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw12h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw12h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################# +sql1.resolver.tw1d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 day) and now() +sql1.resolver.tw1d.field.count.issuer=com:att:research:xacml:test:sql:tw1d + +sql1.resolver.tw1d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1d.name=OperationsCount +sql1.resolver.tw1d.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1d.fields=count +sql1.resolver.tw1d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1d.parameters=actor,operation,target +sql1.resolver.tw1d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################# +sql1.resolver.tw5d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 day) and now() +sql1.resolver.tw5d.field.count.issuer=com:att:research:xacml:test:sql:tw5d + +sql1.resolver.tw5d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw5d.name=OperationsCount +sql1.resolver.tw5d.description=This returns the number of previous operations within the given time window +sql1.resolver.tw5d.fields=count +sql1.resolver.tw5d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw5d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw5d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw5d.parameters=actor,operation,target +sql1.resolver.tw5d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw5d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw5d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw5d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw5d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw5d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw5d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + +############################# +sql1.resolver.tw1w.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 week) and now() +sql1.resolver.tw1w.field.count.issuer=com:att:research:xacml:test:sql:tw1w + +sql1.resolver.tw1w.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1w.name=OperationsCount +sql1.resolver.tw1w.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1w.fields=count +sql1.resolver.tw1w.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1w.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1w.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1w.parameters=actor,operation,target +sql1.resolver.tw1w.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1w.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1w.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1w.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1w.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1w.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1w.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1w.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1w.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + +############################# +sql1.resolver.tw1mon.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 month) and now() +sql1.resolver.tw1mon.field.count.issuer=com:att:research:xacml:test:sql:tw1mon + +sql1.resolver.tw1mon.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver +sql1.resolver.tw1mon.name=OperationsCount +sql1.resolver.tw1mon.description=This returns the number of previous operations within the given time window +sql1.resolver.tw1mon.fields=count +sql1.resolver.tw1mon.field.count.id=com:att:research:xacml:test:sql:resource:operations:count +sql1.resolver.tw1mon.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer +sql1.resolver.tw1mon.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource +sql1.resolver.tw1mon.parameters=actor,operation,target +sql1.resolver.tw1mon.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id +sql1.resolver.tw1mon.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1mon.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject +sql1.resolver.tw1mon.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id +sql1.resolver.tw1mon.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1mon.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action +sql1.resolver.tw1mon.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id +sql1.resolver.tw1mon.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string +sql1.resolver.tw1mon.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource + + diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml new file mode 100644 index 000000000..62bf986bd --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml @@ -0,0 +1,68 @@ +controlLoop: + version: 1.0.0 + controlLoopName: ControlLoop-vUSP-vCTS-cbed919f-2212-4ef7-8051-fe6308da1bda + services: + - serviceName: vUSP + resources: + - resourceName: vCTS + resourceType: VF + - resourceName: vCOM + resourceType: VF + - resourceName: vRAR + resourceType: VF + - resourceName: vLCS + resourceType: VF + - resourceName: v3CB + resourceType: VF + trigger_policy: unique-policy-id-1-restart + timeout: 60 + abatement: true + +policies: + - id: unique-policy-id-1-restart + name: Restart Policy + description: + actor: APPC + recipe: Restart + target: + type: VM + retry: 3 + timeout: 20 + success: final_success + failure: unique-policy-id-2-rebuild + failure_timeout: unique-policy-id-2-rebuild + failure_retries: unique-policy-id-2-rebuild + failure_guard: unique-policy-id-2-rebuild + failure_exception: final_failure_exception + + - id: unique-policy-id-2-rebuild + name: Rebuild Policy + description: + actor: APPC + recipe: Rebuild + target: + type: VM + retry: 0 + timeout: 10 + success: final_success + failure: unique-policy-id-3-migrate + failure_timeout: unique-policy-id-3-migrate + failure_retries: unique-policy-id-3-migrate + failure_guard: unique-policy-id-3-migrate + failure_exception: final_failure_exception + + - id: unique-policy-id-3-migrate + name: Migrate Policy + description: + actor: APPC + recipe: Migrate + target: + type: VM + retry: 0 + timeout: 30 + success: final_success + failure: final_failure + failure_timeout: final_failure_timeout + failure_retries: final_failure_retries + failure_guard: final_failure_guard + failure_exception: final_failure_exception diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml new file mode 100644 index 000000000..333895b2e --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml @@ -0,0 +1,24 @@ +guard: + version: 2.0.0 + +guards: + - id: unique_guard_vUSP_1 + name: APPC 5 Migrate + description: | + We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am) + actor: APPC + recipe: Migrate + limit_constraints: + - num: 1 + duration: + value: 10 + units: minute + time_in_range: + arg2: 00:00:00-05:00 + arg3: 23:59:59-05:00 + + + + + + \ No newline at end of file diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml new file mode 100644 index 000000000..865915f82 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml @@ -0,0 +1,24 @@ +guard: + version: 2.0.0 + +guards: + - id: unique_guard_vUSP_1 + name: APPC 5 Rebuild + description: | + We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am) + actor: APPC + recipe: Rebuild + limit_constraints: + - num: 2 + duration: + value: 10 + units: minute + time_in_range: + arg2: 00:00:00-05:00 + arg3: 23:59:59-05:00 + + + + + + \ No newline at end of file diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml new file mode 100644 index 000000000..6905d733f --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml @@ -0,0 +1,24 @@ +guard: + version: 2.0.0 + +guards: + - id: unique_guard_vUSP_1 + name: APPC 5 Rebuild + description: | + We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am) + actor: APPC + recipe: Rebuild + limit_constraints: + - num: 25 + duration: + value: 1 + units: week + time_in_range: + arg2: 00:00:00-05:00 + arg3: 23:59:59-05:00 + + + + + + \ No newline at end of file diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml new file mode 100644 index 000000000..b44ff00df --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml @@ -0,0 +1,24 @@ +guard: + version: 2.0.0 + +guards: + - id: unique_guard_vUSP_1 + name: APPC 5 Restart + description: | + We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am) + actor: APPC + recipe: Restart + limit_constraints: + - num: 2 + duration: + value: 10 + units: minute + time_in_range: + arg2: 00:00:00-05:00 + arg3: 23:59:59-05:00 + + + + + + \ No newline at end of file diff --git a/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml new file mode 100644 index 000000000..50af17af6 --- /dev/null +++ b/controlloop/templates/template.demo/src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml @@ -0,0 +1,26 @@ +guard: + version: 2.0.0 + +guards: + - id: unique_guard_vUSP_1_Blacklist + name: APPC Restart Blacklist + description: | + We deny restart of the blacklisted targets (avoid midnight to 5am) + actor: APPC + recipe: Restart + limit_constraints: + - blacklist: + - server123 + - server2234 + - vserver.vserver-name22 + - aaabbbccc + - foobartriggersource35 + time_in_range: + arg2: 00:00:00-05:00 + arg3: 23:59:59-05:00 + + + + + + \ No newline at end of file -- cgit 1.2.3-korg